CHROME USERS MORE PRONE TO PHISHING ATTACKS

bySagnik RoyonMay 15, 2014

A new phishing attack which threatens to steal Google accounts password is targeting Gmail users, particularly the ones who use Google Chrome browser – said security experts from Bitdefender. Google Chrome does not display the entire URL of a webpage in its address bar which is the main reason why more users are falling prey to this fast spreading attack.

Bianca Stanescu, a security specialist at Bitdefender has mentioned in a blog post – “As Google Chrome doesn’t show the whole string, regular users have a hard time figuring out they are targeted in a phishing attack and may give their data to cyber-criminals”.
“We haven’t spotted this type of phishing attack. It’s enhanced, usually the security solutions block the webpage for malicious activity before users open it, but this time security solutions receive the encoded content and they can’t really block it” – she added.

The scam starts with an email that is claimed to be sent by Google and generally reads “Mail Notice” or “Lookout Notice”. It states that the recipient user has failed to increase his/her storage quota and that their email account will be “locked out” in 24 hours. The recipients are redirected to a fake Google login page when they click on the “INSTANT INCREASE” link provided within the mail to counteract their accounts being blocked.

Once the hackers gain access to the prospective victim’s emails, they can easily invade their Google Drive, Google Play, Google + accounts and can also gain further access to any other sites or accounts which are synced with their Google account. The unique part about this whole attack is how authentic the emails look and how well the phishing is structured as users get “data:” in their address bars, which is based on Uniform Resource Identifiers (URI).

“Scammers usually pose as services that contact people by e-mail for announcements or notifications. Google, Facebook, eBay, phone services and financial institutions are among phishers’ favorite disguises to invade inboxes worldwide” – Stanescu added.